The background description provided herein is for the purpose of generally presenting the context of the disclosure. Unless otherwise indicated herein, the materials described in this section are not prior art to the claims in this application and are not admitted to be prior art by inclusion in this section.
In computing, a virtual machine (VM) is an emulation of a given computer system. Virtual machines operate based on the computer architecture and functions of a real or hypothetical computer.
Security, i.e., protection from malicious software, has emerged as a major concern of the computing art. It is expected that processors, e.g., some processors from Intel® Corporation of Santa Clara, Calif., will begin to provide support for isolated/protected execution environments for individual applications (also referred to as application execution enclaves or simply enclaves). Accesses to the enclave memory areas will be limited to code resident in the enclaves only. Code outside the enclave will have no access to enclave memory areas. For Intel® processors, the technology is currently known as SGX (Software Guard Extensions). For further information, see Intel® Software Guard Extensions Programming Reference, dated October 2014.
Memory encryption using key domain selectors and integrity checks has been employed to protect data stored in memory and to ensure its integrity. Key domain selectors are values used to annotate memory data structures for enhanced security; they participate in the memory encryption process as tweaks, effectively acting as if a different key were used to encrypt the content/data being stored into memory. Key domain selectors associate encrypted memory content/data with specific uses, code paths, or instances of the executing applications, allowing different access control policies to be applied to different software domains. Using key domain selectors, systems can offer increased protection against a range of corruption events and attacks, including software bug-related corruption events (e.g., Use-After-Free, UAF), buffer overflow attacks, physical attacks on memory, and malware attacks including inappropriate memory accesses due to return oriented programming (ROP) injected malware, among others. Key domain selector sizes can range from a few bits (e.g., 1 or 2) to large numbers of bits (e.g., 32, 64 or 128).
Among this range of corruption events and attacks, replay attacks are particularly difficult to protect against. Prior approaches, such as maintaining a replay tree in memory that is searched on every memory access (the worst case), or maintaining state across time, potentially create high memory overhead or limit enclave size, and reduce performance.
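As an added illustration (not part of this disclosure), the following Python model shows how a key domain selector acts as a tweak alongside the address in memory encryption with an integrity tag, why a line written under one selector is rejected under another, and why an integrity tag alone does not detect a stale copy of the same line at the same address unless state kept across time (here a version counter) also enters the tweak. The key, addresses, selector values and line contents are constructed for the example, and HMAC-SHA256 stands in for the processor's cipher.

```python
import hmac
import hashlib

LINE = 16                # bytes per toy cache line
KEY = bytes(range(32))   # constructed, fixed memory-encryption key for the demo


def _prf(key: bytes, *parts: bytes) -> bytes:
    # HMAC-SHA256 stands in for the tweakable block cipher of a real engine
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()


def tweak(addr: int, kd: int, version: int) -> bytes:
    # physical address, key domain selector and version counter form the tweak
    return addr.to_bytes(8, "big") + kd.to_bytes(2, "big") + version.to_bytes(8, "big")


def encrypt_line(key: bytes, addr: int, kd: int, data: bytes, version: int = 0):
    t = tweak(addr, kd, version)
    pad = _prf(key, b"enc", t)[:LINE]
    ct = bytes(a ^ b for a, b in zip(data, pad))
    tag = _prf(key, b"mac", t, ct)[:8]           # integrity tag bound to the same tweak
    return ct, tag


def decrypt_line(key: bytes, addr: int, kd: int, ct: bytes, tag: bytes, version: int = 0):
    t = tweak(addr, kd, version)
    if not hmac.compare_digest(_prf(key, b"mac", t, ct)[:8], tag):
        return None                               # integrity failure: line is rejected
    pad = _prf(key, b"enc", t)[:LINE]
    return bytes(a ^ b for a, b in zip(ct, pad))


def cross_domain_read(key: bytes):
    # a line written under selector 1 is unreadable under selector 2: the tag check fails
    ct, tag = encrypt_line(key, 0x1000, 1, b"secret data 0123")
    return decrypt_line(key, 0x1000, 2, ct, tag)


def stale_line_without_version(key: bytes) -> bool:
    # with only (address, selector) in the tweak, an older valid ciphertext/tag pair
    # for the same address still verifies, which is why replay is hard to detect
    old = encrypt_line(key, 0x2000, 3, b"balance=100.....")
    encrypt_line(key, 0x2000, 3, b"balance=000.....")   # the current, legitimate contents
    return decrypt_line(key, 0x2000, 3, *old) == b"balance=100....."


def stale_line_with_version(key: bytes):
    # once a per-line version counter (state kept across time) enters the tweak,
    # the stale pair no longer matches the expected version and is rejected
    old = encrypt_line(key, 0x2000, 3, b"balance=100.....", version=1)
    return decrypt_line(key, 0x2000, 3, *old, version=2)
```

The cost of the versioned variant is exactly the per-line state the paragraph above refers to, which is what a replay tree or similar structure must store and protect.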